Y
Hacker News
new
|
ask
|
show
|
jobs
by
ascorbic
314 days ago
The evil site usually says something like "enter the code from our identity partner x" or something, which is a lot more believable when it's a service like Microsoft that
does
provide services like that.
1 comments
gethly
314 days ago
That is not how oAuth works.
link
ascorbic
314 days ago
That's the point: this isn't OAuth. It's just a way to phish the code.
link
gethly
313 days ago
If it is not oAuth, where does Microsoft come from then?
link